Timestamp:
23-08-10 16:21:16 (4 years ago)
Author:
keesvb
Message:

first implementation of user-based REST services: it only checks whether a user is the owner of a study, and returns studies and assays only for the studies that user owns. The other methods are not secured yet, but ought to go via study or assay.

Files:
1 modified

  • trunk/grails-app/controllers/RestController.groovy

    r829 r831  
    1616 */ 
    1717 
    18 import data.* 
    1918import dbnp.studycapturing.Study 
    2019import dbnp.studycapturing.Assay 
    2120import grails.converters.* 
    22 import org.codehaus.groovy.grails.web.json.* 
    23  
     21import nl.metabolomicscentre.dsp.http.BasicAuthentication 
    2422 
    2523 
     
    3230     /**************************************************/ 
    3331 
     32        def authService 
    3433        def beforeInterceptor = [action:this.&auth] 
    3534        def credentials 
     35        def requestUser 
    3636// defined as a regular method so its private 
    3737 
     38        /** 
     39         * Authorization closure, which is run before executing any of the REST resource actions 
     40         * It fetches a username/password combination from basic HTTP authentication and checks whether 
     41         * that is an active (nimble) account 
     42         * @return 
     43         */ 
    3844        def auth() { 
    39             credentials = nl.metabolomicscentre.dsp.http.BasicAuthentication.credentialsFromRequest(request) 
    40                 if(false) { 
     45            credentials = BasicAuthentication.credentialsFromRequest(request) 
     46                requestUser = authService.authUser(credentials.u,credentials.p) 
     47                if(!requestUser) { 
    4148                    response.sendError(403) 
    4249                return false 
    4350            } 
     51                else { 
     52                        return true 
     53                } 
    4454        } 
    4555 
     
    5565        def getStudies = { 
    5666                List studies = []  
    57                 Study.list().each { study -> 
     67                Study.findAllByOwner(requestUser).each { study -> 
    5868                        studies.push( [ 'externalStudyID': study.code, 'name':study.title ] ) 
    5969                } 
     
    93103                List assays = []  
    94104                if( params.externalStudyID ) { 
    95                         println params.moduleURL 
    96                         def study = Study.find( "from Study as s where s.code=?", [params.externalStudyID]) 
     105                        def study = Study.find( "from Study as s where s.owner=? and s.code=?", [requestUser.getId(), params.externalStudyID]) 
    97106                        if(study) study.assays.each{ assay -> 
    98                                 println assay.module.url 
    99107                                if (assay.module.url.equals(params.moduleURL)) { 
    100108                                def map = ['name':assay.name, 'externalAssayID':assay.externalAssayID]